Update README.md

fixes
Officer | officercia 2023-09-16 17:18:31 +03:00 committed by GitHub
parent 23709e4d66
commit 4d39e5ab33
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions

@ -92,7 +92,7 @@ The most important thing to understand here is the path of the cyber attack
### Problem 1
Use a secure email provider like Protonmail or Tutanota. Also use trusted VPN like Mullvad or ProtonVPN. E2E (end-to-end) encryption is only as secure as the service you are sending the email to.
Use a secure email provider. Also use trusted VPN like Mullvad or ProtonVPN (better - selfhost it). E2E (end-to-end) encryption is only as secure as the service you are sending the email to.
For example, if a Protonmail user sends an email to a Gmail user, the email is encrypted with TLS, but Google can still read and hand over any data that passes through their server. E2E can be re-established by using features such as the password-protected email feature from Protonmail.
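Review bot: the new line drops the Protonmail/Tutanota examples, but the unchanged line that follows still opens with "For example, if a Protonmail user sends an email to a Gmail user", so the example no longer follows from a named recommendation; either keep one provider name in the new sentence or reword the follow-on to "if a user of an E2E-encrypting provider sends an email to a Gmail user". "(better - selfhost it)" should read "(better: self-host it)", and self-hosting deserves a caveat: a VPN on your own VPS shields traffic from the local network, but its exit IP is attributable to you, unlike a shared commercial exit, so it serves a different threat model than the Mullvad/ProtonVPN recommendation beside it. Minor: "use trusted VPN" should be "use a trusted VPN".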
@ -147,7 +147,7 @@ You can also use something like [private addresses feature](https://spreadprivac
### Problem 2
Use different emails and different strong passwords. Store them in one place like a password manager. Never reuse passwords, especially for accounts with personally identifiable and sensitive information (e.g. Facebook, Gmail, AppleID, Twitter, banks/payments, crypto accounts).
Use different emails and different strong passwords. Never reuse passwords, especially for accounts with personally identifiable and sensitive information (e.g. Facebook, Gmail, AppleID, Twitter, banks/payments, crypto accounts).
- [Taming a Wildhorse CEX App](https://officercia.mirror.xyz/scaEkpIpF7pd9Dhsj26F3HguaYnwhDg9TeAGIo76aRY)
- [«Back office» and «front office»](https://twitter.com/officer_cia/status/1516581048792289280)
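Review bot: removing "Store them in one place like a password manager." leaves this paragraph telling the reader to use unique strong passwords without saying how to keep them, while the password-manager list (KeePass, KeePassXC, BitWarden) still appears in the hunk at line 192; if the intent is to stop implying a single point of failure, a short replacement such as "Keep them in a reputable password manager rather than reusing them" preserves the link between the two sections.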
@ -192,7 +192,7 @@ Using a string of unrelated words while still meeting the dictionary requirement
</details>
If you see suspicious password activity or failed log-ins on any of your accounts, change all of your passwords, starting with sensitive and authorization accounts, such as your primary email and bank/crypto accounts.
If you see suspicious password activity or failed log-ins on any of your accounts, change all of your passwords, starting with sensitive and authorization accounts, such as your primary email and bank/crypto accounts.
[KeePass](https://keepass.info) or [Keepassx](https://keepassx.org) or [KeePassDX](https://www.keepassdx.com) or [KeePassXC](https://keepassxc.org) or [BitWarden](https://bitwarden.com) are good options. I also found [this tutorial](https://forums.linuxmint.com/viewtopic.php?f=42&t=291093) for [integrity check](https://keepass.info/integrity.html) (and other checks) very helpful, be sure to check it out as well: [link](https://forums.linuxmint.com/viewtopic.php?f=42&t=291093).
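Review bot: the removed and added lines render identically, so this hunk is a whitespace-only change (trailing whitespace or line endings); the commit message "fixes" should say so, or the hunk should be dropped, to keep blame history readable. While here, the trailing context line links the same Linux Mint forum thread twice ("[this tutorial](...)" and "[link](...)"); one link is enough.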
@ -234,7 +234,7 @@ If you see suspicious password activity or failed log-ins on any of your account
### Problem 3
Never link phone numbers to crypto platforms. Use trusted multiple e-sims if you have to link the phone. To lock down your SIM, contact your mobile phone carrier.
Never link phone numbers to crypto platforms. Use trusted multiple e-sims if you have to link the phone. To lock down your SIM, contact your mobile phone carrier.
> That is a standard that [has been tested](https://twitter.com/officer_cia/status/1607182946104119301) by telecommunications operators in the [US, the UK, Poland, and China](https://twitter.com/officer_cia/status/1581725537571344385) - also check out [this tweet](https://twitter.com/cryptonacks/status/1538206075178074113) and [this article](https://www.androidpolice.com/how-to-protect-yourself-from-a-sim-swap-attack). You just need to insist on it or visit the head office, and Im sure that the support manager on the phone maynt know about it!
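Review bot: the old and new lines render identically here too, so this is whitespace-only. Since the line is being touched anyway, "Use trusted multiple e-sims" reads better as "use multiple eSIMs from trusted carriers", and the context line that follows has "Im sure" and "maynt", which should read "I'm sure" and "may not".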
@ -260,7 +260,7 @@ Ask them to NEVER make changes to your phone number/SIM unless you physically sh
### Problem 4
Instead of SMS-based 2FA, use Authy or Aegis OTP for iOS or Android. Google Authenticator is generally not recommended anymore in order to stay out of the Google ecosystem, and Authy offers more robust account recovery options (Aegis does not offer the same level of account recovery options). Keep in mind that the codes generated by 2FA apps are device specific.
Instead of SMS-based 2FA, use Authy or Aegis OTP for iOS or Android. Google Authenticator is generally not recommended anymore in order to stay out of the Google ecosystem, and Authy offers more robust account recovery options (Aegis does not offer the same level of account recovery options). Keep in mind that the codes generated by 2FA apps are device specific.
> Learn MFA and 3FA! [Check out this article](https://www.techtarget.com/searchsecurity/definition/three-factor-authentication-3FA).
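Review bot: whitespace-only change here as well, and the line being touched carries an inaccurate claim: "the codes generated by 2FA apps are device specific" is not right, because TOTP codes are derived from the shared secret and the current time, so any device holding the same seed produces the same codes. What is device-bound is the seed itself, which is why losing the phone without a backup of the seeds (or a recovery mechanism such as the Authy option mentioned) locks the user out. Suggest "the secrets behind your 2FA codes live on the device, so back them up or keep the service's recovery codes".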